lemma insert_map_inverse: "delete_map i (insert_map i x f) = f" by (rule ext, simp)
lemma insert_map_delete_map_eq: "(insert_map i x (delete_map i g)) = g(i:=x)" apply (rule ext) apply (auto split: nat_diff_split) done
subsection\<open>Injectiveness proof\<close>
lemma insert_map_inject1: "(insert_map i x f) = (insert_map i y g) ==> x=y" by (drule_tac x = i in fun_cong, simp)
lemma insert_map_inject2: "(insert_map i x f) = (insert_map i y g) ==> f=g" apply (drule_tac f = "delete_map i"in arg_cong) apply (simp add: insert_map_inverse) done
lemma insert_map_inject': "(insert_map i x f) = (insert_map i y g) ==> x=y & f=g" by (blast dest: insert_map_inject1 insert_map_inject2)
(*The general case: we don't assume i=i'*) lemma lift_map_eq_iff [iff]: "(lift_map i (s,(f,uu)) = lift_map i' (s',(f',uu')))
= (uu = uu' & insert_map i s f = insert_map i' s' f')" by (unfold lift_map_def, auto)
(*The !!s allows the automatic splitting of the bound variable*) lemma drop_map_lift_map_eq [simp]: "!!s. drop_map i (lift_map i s) = s" apply (unfold lift_map_def drop_map_def) apply (force intro: insert_map_inverse) done
(*sub's main property!*) lemma sub_apply [simp]: "sub i f = f i" by (simp add: sub_def)
lemma all_total_lift: "all_total F ==> all_total (lift i F)" by (simp add: lift_def rename_def Extend.all_total_extend)
lemma insert_map_upd_same: "(insert_map i t f)(i := s) = insert_map i s f" by (rule ext, auto)
lemma insert_map_upd: "(insert_map j t f)(i := s) =
(if i=j then insert_map i s f
else if i<j then insert_map j t (f(i:=s))
else insert_map j t (f(i - Suc 0 := s)))" apply (rule ext) apply (simp split: nat_diff_split) txt\<open>This simplification is VERY slow\<close> done
lemma insert_map_eq_diff: "[| insert_map i s f = insert_map j t g; i\j |]
==> \<exists>g'. insert_map i s' f = insert_map j t g'" apply (subst insert_map_upd_same [symmetric]) apply (erule ssubst) apply (simp only: insert_map_upd if_False split: if_split, blast) done
lemma lift_set_empty [simp]: "lift_set i {} = {}" by (unfold lift_set_def, auto)
lemma lift_set_iff: "(lift_map i x \ lift_set i A) = (x \ A)" apply (unfold lift_set_def) apply (rule inj_lift_map [THEN inj_image_mem_iff]) done
(*Do we really need both this one and its predecessor?*) lemma lift_set_iff2 [iff]: "((f,uu) \ lift_set i A) = ((f i, (delete_map i f, uu)) \ A)" by (simp add: lift_set_def mem_rename_set_iff drop_map_def)
lemma lift_set_mono: "A \ B ==> lift_set i A \ lift_set i B" apply (unfold lift_set_def) apply (erule image_mono) done
lemma lift_set_Un_distrib: "lift_set i (A \ B) = lift_set i A \ lift_set i B" by (simp add: lift_set_def image_Un)
lemma lift_set_Diff_distrib: "lift_set i (A-B) = lift_set i A - lift_set i B" apply (unfold lift_set_def) apply (rule inj_lift_map [THEN image_set_diff]) done
subsection\<open>The Lattice Operations\<close>
lemma bij_lift [iff]: "bij (lift i)" by (simp add: lift_def)
lemma lift_SKIP [simp]: "lift i SKIP = SKIP" by (simp add: lift_def)
lemma lift_Join [simp]: "lift i (F \ G) = lift i F \ lift i G" by (simp add: lift_def)
lemma lift_JN [simp]: "lift j (JOIN I F) = (\i \ I. lift j (F i))" by (simp add: lift_def)
lemma lift_transient: "(lift i F \ transient (lift_set i A)) = (F \ transient A)" by (simp add: lift_def lift_set_def rename_transient)
lemma lift_ensures: "(lift i F \ (lift_set i A) ensures (lift_set i B)) =
(F \<in> A ensures B)" by (simp add: lift_def lift_set_def rename_ensures)
lemma lift_leadsTo: "(lift i F \ (lift_set i A) leadsTo (lift_set i B)) =
(F \<in> A leadsTo B)" by (simp add: lift_def lift_set_def rename_leadsTo)
lemma lift_LeadsTo: "(lift i F \ (lift_set i A) LeadsTo (lift_set i B)) =
(F \<in> A LeadsTo B)" by (simp add: lift_def lift_set_def rename_LeadsTo)
(** guarantees **)
lemma lift_lift_guarantees_eq: "(lift i F \ (lift i ` X) guarantees (lift i ` Y)) =
(F \<in> X guarantees Y)" apply (unfold lift_def) apply (subst bij_lift_map [THEN rename_rename_guarantees_eq, symmetric]) apply (simp add: o_def) done
lemma lift_guarantees_eq_lift_inv: "(lift i F \ X guarantees Y) =
(F \<in> (rename (drop_map i) ` X) guarantees (rename (drop_map i) ` Y))" by (simp add: bij_lift_map [THEN rename_guarantees_eq_rename_inv] lift_def)
(*To preserve snd means that the second component is there just to allow guarantees properties to be stated. Converse fails, for lift i F can
change function components other than i*) lemma lift_preserves_snd_I: "F \ preserves snd ==> lift i F \ preserves snd" apply (drule_tac w1=snd in subset_preserves_o [THEN subsetD]) apply (simp add: lift_def rename_preserves) apply (simp add: lift_map_def o_def split_def) done
lemma delete_map_eqE': "(delete_map i g) = (delete_map i g') ==> \x. g = g'(i:=x)" apply (drule_tac f = "insert_map i (g i) "in arg_cong) apply (simp add: insert_map_delete_map_eq) apply (erule exI) done
lemma delete_map_neq_apply: "[| delete_map j g = delete_map j g'; i\j |] ==> g i = g' i" by force
(*A set of the form (A \<times> UNIV) ignores the second (dummy) state component*)
lemma vimage_o_fst_eq [simp]: "(f o fst) -` A = (f-`A) \ UNIV" by auto
lemma vimage_sub_eq_lift_set [simp]: "(sub i -`A) \ UNIV = lift_set i (A \ UNIV)" by auto
lemma mem_lift_act_iff [iff]: "((s,s') \ extend_act (%(x,u::unit). lift_map i x) act) =
((drop_map i s, drop_map i s') \ act)" apply (unfold extend_act_def, auto) apply (rule bexI, auto) done
lemma preserves_snd_lift_stable: "[| F \ preserves snd; i\j |]
==> lift j F \<in> stable (lift_set i (A \<times> UNIV))" apply (auto simp add: lift_def lift_set_def stable_def constrains_def
rename_def extend_def mem_rename_set_iff) apply (auto dest!: preserves_imp_eq simp add: lift_map_def drop_map_def) apply (drule_tac x = i in fun_cong, auto) done
(*If i\<noteq>j then lift j F does nothing to lift_set i, and the
premise ensures A \<subseteq> B.*) lemma constrains_imp_lift_constrains: "[| F i \ (A \ UNIV) co (B \ UNIV);
F j \<in> preserves snd |]
==> lift j (F j) \<in> (lift_set i (A \<times> UNIV)) co (lift_set i (B \<times> UNIV))" apply (cases "i=j") apply (simp add: lift_def lift_set_def rename_constrains) apply (erule preserves_snd_lift_stable[THEN stableD, THEN constrains_weaken_R],
assumption) apply (erule constrains_imp_subset [THEN lift_set_mono]) done
(*USELESS??*) lemma lift_map_image_Times: "lift_map i ` (A \ UNIV) =
(\<Union>s \<in> A. \<Union>f. {insert_map i s f}) \<times> UNIV" apply (auto intro!: bexI image_eqI simp add: lift_map_def) apply (rule split_conv [symmetric]) done
lemma lift_preserves_eq: "(lift i F \ preserves v) = (F \ preserves (v o lift_map i))" by (simp add: lift_def rename_preserves)
(*A useful rewrite. If o, sub have been rewritten out already then can also
use it as rewrite_rule [sub_def, o_def] lift_preserves_sub*) lemma lift_preserves_sub: "F \ preserves snd
==> lift i F \<in> preserves (v o sub j o fst) =
(if i=j then F \<in> preserves (v o fst) else True)" apply (drule subset_preserves_o [THEN subsetD]) apply (simp add: lift_preserves_eq o_def) apply (auto cong del: if_weak_cong
simp add: lift_map_def eq_commute split_def o_def) done
subsection\<open>Lemmas to Handle Function Composition (o) More Consistently\<close>
(*Lets us prove one version of a theorem and store others*) lemma o_equiv_assoc: "f o g = h ==> f' o f o g = f' o h" by (simp add: fun_eq_iff o_def)
lemma o_equiv_apply: "f o g = h ==> \x. f(g x) = h x" by (simp add: fun_eq_iff o_def)
lemma fst_o_lift_map: "sub i o fst o lift_map i = fst" apply (rule ext) apply (auto simp add: o_def lift_map_def sub_def) done
lemma snd_o_lift_map: "snd o lift_map i = snd o snd" apply (rule ext) apply (auto simp add: o_def lift_map_def) done
subsection\<open>More lemmas about extend and project\<close>
text\<open>They could be moved to theory Extend or Project\<close>
lemma UNION_OK_lift_I: "[| \i \ I. F i \ preserves snd; \<forall>i \<in> I. \<Union>(Acts ` (preserves fst)) \<subseteq> AllowedActs (F i) |]
==> OK I (%i. lift i (F i))" apply (auto simp add: OK_def lift_def rename_def Extend.Acts_extend) apply (simp add: Extend.AllowedActs_extend project_act_extend_act) apply (rename_tac "act") apply (subgoal_tac "{(x, x'). \s f u s' f' u'.
((s, f, u), s', f', u') \ act &
lift_map j x = lift_map i (s, f, u) &
lift_map j x' = lift_map i (s', f', u') } \<subseteq> { (x,x') . fst x = fst x'}") apply (blast intro: act_in_UNION_preserves_fst, clarify) apply (drule_tac x = j in fun_cong)+ apply (drule_tac x = i in bspec, assumption) apply (frule preserves_imp_eq, auto) done
lemma OK_lift_I: "[| \i \ I. F i \ preserves snd; \<forall>i \<in> I. preserves fst \<subseteq> Allowed (F i) |]
==> OK I (%i. lift i (F i))" by (simp add: safety_prop_AllowedActs_iff_Allowed UNION_OK_lift_I)
lemma Allowed_lift [simp]: "Allowed (lift i F) = lift i ` (Allowed F)" by (simp add: lift_def)
lemma lift_image_preserves: "lift i ` preserves v = preserves (v o drop_map i)" by (simp add: rename_image_preserves lift_def)
end
¤ Dauer der Verarbeitung: 0.3 Sekunden
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
